Merge pull request #3967 from blenk92/development

Fix XSS-Vulnerability in configuration page
Theo Arends 2018-10-03 20:04:19 +02:00 committed by GitHub
commit 42e8b193f7
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 1 deletions


@ -789,6 +789,17 @@ void HandleWifiConfiguration()
HandleWifi(false); HandleWifi(false);
} }
String htmlEscape(String s)
{
s.replace("&", "&");
s.replace("<", "&lt;");
s.replace(">", "&gt;");
s.replace("\"", "&quot;");
s.replace("'", "&#x27;");
s.replace("/", "&#x2F;");
return s;
}
void HandleWifi(boolean scan) void HandleWifi(boolean scan)
{ {
if (HttpUser()) { return; } if (HttpUser()) { return; }
@ -854,7 +865,7 @@ void HandleWifi(boolean scan)
String item = FPSTR(HTTP_LNK_ITEM); String item = FPSTR(HTTP_LNK_ITEM);
String rssiQ; String rssiQ;
rssiQ += quality; rssiQ += quality;
item.replace(F("{v}"), WiFi.SSID(indices[i])); item.replace(F("{v}"), htmlEscape(WiFi.SSID(indices[i])));
item.replace(F("{w}"), String(WiFi.channel(indices[i]))); item.replace(F("{w}"), String(WiFi.channel(indices[i])));
item.replace(F("{r}"), rssiQ); item.replace(F("{r}"), rssiQ);
uint8_t auth = WiFi.encryptionType(indices[i]); uint8_t auth = WiFi.encryptionType(indices[i]);
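Review bot: The first replacement in htmlEscape, as it is shown on this page, is `s.replace("&", "&");`, which changes nothing, so a literal ampersand in an SSID would reach the page unescaped. This may be an entity lost in rendering, but the source should be checked to read `s.replace("&", "&amp;");`, and that line has to stay first so the entities written by the later lines are not escaped a second time. The helper also carries no comment; I would add `// Escapes for HTML element text and quoted attribute values only; not sufficient for script or URL contexts.` above it, since SSIDs are set by whoever runs a nearby access point and are untrusted input. Whether `{v}` in HTTP_LNK_ITEM sits in plain element text cannot be confirmed from the hunk, and HandleWifi continues outside it, so any other fields it builds from scan results or stored settings should be checked for the same escaping.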